Fix an illegal memory access triggered by an atempt to disassemble a corrupt xtensa...

	PR 28305
	* elf32-xtensa.c (elf_xtensa_do_reloc): Add check for put of range
	reloc.

diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index 4e53a1f38dcb47637da4468254e852c0a5ff4d14..499e33634bb7a581378948cd504ea347c4958080 100644 (file)
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,5 +1,9 @@
 2021-09-07  Nick Clifton  <nickc@redhat.com>
 
+       PR 28305
+       * elf32-xtensa.c (elf_xtensa_do_reloc): Add check for put of range
+       reloc.
+
        PR 28303
        * elfxx-riscv.c (riscv_elf_add_sub_reloc): Add check for out of
        range relocs.

diff --git a/bfd/elf32-xtensa.c b/bfd/elf32-xtensa.c
index 7c5fb558bfb733cbad4af60a5cc72c57092e9f44..59f3dd55251c0e33fcca47c66b4674a5ebdf741e 100644 (file)
--- a/bfd/elf32-xtensa.c
+++ b/bfd/elf32-xtensa.c
@@ -1968,6 +1968,8 @@ elf_xtensa_do_reloc (reloc_howto_type *howto,
       return bfd_reloc_dangerous;
     }
 
+  if (input_size <= address)
+    return bfd_reloc_outofrange;
   /* Read the instruction into a buffer and decode the opcode.  */
   xtensa_insnbuf_from_chars (isa, ibuff, contents + address,
                             input_size - address);

diff --git a/bfd/xtensa-isa.c b/bfd/xtensa-isa.c
index f6a153895fa8dd59190177ffef55e6c9a3e568ec..d92d9b8d8176e3ea41d53a0c7015139b64c17422 100644 (file)
--- a/bfd/xtensa-isa.c
+++ b/bfd/xtensa-isa.c
@@ -227,7 +227,6 @@ xtensa_insnbuf_from_chars (xtensa_isa isa,
     }
 }
 
-
 \f
 /* ISA information.  */